Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1001
Views
0
Helpful
2
Replies

[ISE V2.3]Error 'ise operation failed.' during importing a new certificate in the trusted certificates.

Jihye Han
Cisco Employee
Cisco Employee

‎04-22-2019 07:46 PM - edited ‎04-23-2019 02:13 AM

Hi all,

 

I have 2 PANs as the PAN Primary and PAN secondary and I exported the certificate of the PAN_Secondary and imported it to the Trusted Certificates to join the node.

But I got error message 'ise operation failed. check that files being uploaded exist and are readable. failure could also be due to an http timeout error.' during importing a new certificate.

Do anybody know this error message?

 

Thanks.

Jihye.

 

Preview file
114 KB
0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎04-23-2019 12:09 PM

Not seen that before when importing any cert into ISE. What does the exported cert look like in a text editor? I think ISE exports in PEM format and so you should see the BEGIN CERTIFICATE text etc. Maybe something doesn’t look right in that file?

Are you able to import any other cert like a root ca cert (just as an example )?

 

what you’re doing by importing the pan 2 cert into pan 1 is technically feasible but it’s not ideal. Self signed certs are no basis to build a long term system. It doesn’t scale. It brings browser warnings. Renewing these things is a pain. If you can issue an ISE Admin cert via some PKI or via a public ca the i would advise you do that. That’s just an aside ... what you’re attempting should however not result in an error. Ise 2.3 is not famous for its quality either

0 Helpful

Jihye Han
Cisco Employee
Cisco Employee
In response to Arne Bier

‎04-25-2019 09:56 PM - edited ‎04-25-2019 09:57 PM

Hi,

 

I have resolved my issue with the following steps.

 

1)Re-installed the DNS server -> I thought this issue was caused by DNS resolrution.

2)Tried to reboot for each Node.

3)After, I was able to import the CTL of PAN2 into the PAN1 and I can proceed registering the pan2 node well.

 

Thanks.

Jihye.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents